I’ve heard this before – “I’m not sure my computer security practices are working”. I reply “Have you tested them?” This course is the fourth and final course in the Practical Computer Security specialization. In this course, you’ll learn how to proactively test what you have put in place to protect your data. In the first week you’ll be able to discuss the basics of deterrents and how to “trick” attackers into believing they’ve hit a goldmine of data away from your real systems. In week 2, you’ll be able to understand and discuss the steps of penetration testing methodology. In week 3, you will be able to understand and apply what you have learned on your own systems to test whether your systems are secure or not. In week 4, we’ll discuss planning for your own methodology that you can apply to your own systems. And finally in week 5, we’ll finish up with a project that will allow you to test your skills in a safe environment.

Avaliações

JJ

Class doesn't seem very active-- not a lot of students so I had to wait awhile for peer reviewed assignments to get reviewed, but the content is great.

JK

Jan 10, 2018

Filled StarFilled StarFilled StarFilled StarFilled Star

Course was well presented. Professor did a great job presenting this material and keeping things interesting and real-life.

Na lição

Proactive computer security management

This module will cover some of the other issues and concerns for those interested in proactive security. Legal issues are important for any level of management and administration to be concerned with. Planning goes a long way toward effective proactive computer security.

Ministrado por

Greg Williams

Transcrição

Where do I go from here? That's the title of the lesson. But it's really where do you go from here? I want you to understand a few things about proactive security. Proactive security is the best thing that you can do for your security existence, security posture, protecting your systems for your organization, for you. Security is not going away. There's a reason why security, or information security, has such a large unemployment, or under unemployment rate, because we can't find enough people to protect our systems. No matter what industry that you're in, you need to be more proactive. The more proactive you are, the better off you are. And you're going to try to stay one step ahead of the attackers. If you're constantly improving your systems in the security posture that you have on those systems, the better off you are. And the better that you're going to say ahead of the attackers. Get other people involved in being proactive about security. Conduct security assessments. If you have other organizations, especially if you're in higher education, go to the university down the street. Here in Colorado, we have a great working relationship with all the other higher education institutions. And sure, we'll conduct penetration tests for Colorado College down the street. We've offered this before. You test our systems, and we'll test yours. Perform auditing as well. Get your auditors involved in proactive security. Make sure that they're aware of what's going on. Educate yourself and others. Get external partners involved, like join your local ISSA chapter. Just found out last night that the Colorado Springs chapter which I'm a part of has been selected as the ISSA's chapter of the year. We're the second largest in the world, our chapter is. Be involved in ISSA. It's a great networking organization. Get your internal teams involved as well. Make them practice security on a regular basis. Make sure that your staying on top of security. That's what these entire courses, or if you're in specialization, that's what this entire specialization is about, being proactive about security. If you not educating yourself at least 30 minutes a day, on what is happening in security, or really in technology in general, your potential threats are winning because you're not paying attention to what has been coming up. Look at Ars Technica. Look at US-CERT. Look at ISSA. Be involved in learning about security on a constant basis. Taking this course on Coursera is a great start. Understanding your environment and testing your environment can help your security postures as well. We've already talked about penetration testing. When the NSA leaked all the information to Microsoft several months ago, and said, here is all the exploits or here's some of the exploits, I'm sure NSA has a lot more, here are the exploits that we have for Windows systems. And they've leaked from shadow brokers. We said, you know what? It's not a problem. Do you know why? Because we understood immediately when it came out, we had it already patched. We knew where we wanted to go. And we had the incident response plan in place if anything happened. So, understanding technology and understanding threats that could be coming in helped us be proactive where we were just able to say, nope, we're protected. Even though the entire world, I don't know how many companies I had calling me because, how are you going to patch WannaCry? I said it's not a problem, because you know what? We patched it already. We've been proactive about our security. We have defense in-depth in place to make sure that we are not compromised in any which way. So, I hope you enjoyed the course. If you need anything, if you want to chat, email address is listed. You can go to my personal website or my academic website on the university. I'll be more than happy to answer questions for you if you just email me. If you want to bounce ideas off of me, not a problem, because you know what? It's being proactive. I've been there, I've been in your shoes and trying to understand how my security posture is affected by this or that.